1

我是 Spring Security 的新手,并试图弄清楚 Spring-Security 模块的确切流程,

请建议正确的流程。

web.xml

<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns="http://java.sun.com/xml/ns/javaee"
    xmlns:web="http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd"
    id="WebApp_ID" version="2.5">
    <display-name>OnlineTestProject</display-name>

    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>
            org.springframework.web.filter.DelegatingFilterProxy
        </filter-class>
    </filter>

    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>
            /WEB-INF/security/applicationContext-security.xml
            /WEB-INF/db/applicationContext.xml
        </param-value>
    </context-param>

    <listener>
        <listener-class>
            org.springframework.web.context.ContextLoaderListener
        </listener-class>
    </listener>

    <servlet>
        <servlet-name>dispatcher</servlet-name>
        <servlet-class>
            org.springframework.web.servlet.DispatcherServlet
        </servlet-class>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>dispatcher</servlet-name>
        <url-pattern>/</url-pattern>
    </servlet-mapping>

    <welcome-file-list>
        <welcome-file>jsp/index.jsp</welcome-file>
    </welcome-file-list>

</web-app>

applicationContext-security.xml

<http use-expressions="true">
    <form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
        authentication-failure-url="/jsp/login.jsp?login_error=1"
        always-use-default-target="true" />

    <intercept-url pattern="/jsp/login.jsp" access="permitAll" />

    <logout logout-url="/j_spring_security_logout"
        invalidate-session="true" />

    <remember-me />

    <session-management invalid-session-url="/jsp/login.jsp?loggedout=true">
        <concurrency-control max-sessions="1"
            error-if-maximum-exceeded="false" />
    </session-management>

    <anonymous enabled='false'/>
</http>

我所知道的是,当应用程序发出请求时,它将进入欢迎文件列表以在我的情况下打开 jsp/login.jsp,因此它将直接打开 jsp/login.jsp 页面,但我们保持安全, 所以它会进入 applicationContext-security.xml 并检查 jsp/login.jsp 是否需要过滤等等....然后在哪里

<form-login login-page="/jsp/login.jsp" default-target-url="/jsp/index.jsp"
            authentication-failure-url="/jsp/login.jsp?login_error=1"
            always-use-default-target="true" />

将出现在图片中,据我所知,它应该转到“/jsp/login.jsp”页面进行登录,如果凭据成功,那么它应该转到/jsp/index.jsp,但它正在打开/jsp/ index.jsp 页面第一....

有人可以指导我正确的流程。

谢谢

4

0 回答 0